Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users
Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users
The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored, locked-down internet for British users. The bill could empower the government to undermine not just the.....
Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users::The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored, locked-down internet for British users. The bill could empower the government to undermine not just the...
You're viewing a single thread.
Why all internet users and not "just" those in the UK?
A clause of the bill allows Ofcom, the British telecom regulator, to serve a notice requiring tech companies to scan their users–all of them–for child abuse content.This would affect even messages and files that are end-to-end encrypted to protect user privacy. As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.
I am willing to bet that the overwhelming response from tech to "build a back door into every internet user's E2EE communication globally for us to use" is going to be a big fat "No". The UK market isn't big enough to be making these kinds of demands.
The reaction is more likely 'It's still impossible. Just like we told you all the other times. Idiots.'
It's technically not impossible, it would just get rid if the entire point of E2EE, which is mentioned in the open response from WhatsApp, Signal, and others:
if implemented as written, could empower Ofcom to try to force the proactive scanning of private messages on end-to-end encrypted communication services, nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users
...this would make E2EE effectively meaningless, because no amount of encryption will protect against getting scanned at the entrance and exit.
And then some incompetent contractor will put the backdoor key onto their GitHub and completely destroy everyone’s privacy
Yeah exactly, it's very, very stupid and not something any service that actually bothered to enable E2EE in the first place would ever seriously consider.
AND it would probably break laws in other countries that actually value privacy or security. It's not like they'd be making a UK-only client for every fucking app or device that uses encrypted communications
VPNs: exist
At more length: the internet is incredibly complicated and interrelated. It’s actually extremely difficult to draw clear national boundaries in terms of one web service or another, and the result is honestly never going to be 100% accurate.